<!--#include file="conn.asp"-->
<%
dim sql,rs,FoundErr,ErrMsg
dim UserName,PassWord,CheckCode
UserName=replace(trim(request.Form("UserName")),"'","")
PassWord=replace(trim(Request.Form("PassWord")),"'","")
CheckCode=replace(trim(Request.Form("CheckCode")),"'","")

if UserName="" then
	FoundErr=True
	ErrMsg=ErrMsg & "<br><li>用户名不能为空！</li>"
end if
if PassWord="" then
	FoundErr=True
	ErrMsg=ErrMsg & "<br><li>密码不能为空！</li>"
end if
if CheckCode="" then
	FoundErr=True
	ErrMsg=ErrMsg & "<br><li>验证码不能为空！</li>"
end if
if session("CheckCode")="" then
	FoundErr=True
	ErrMsg=ErrMsg & "<br><li>你登录时间过长，请重新返回登录页面进行登录。</li>"
end if
if CheckCode<>CStr(session("CheckCode")) then
	FoundErr=True
	ErrMsg=ErrMsg & "<br><li>您输入的确认码和系统产生的不一致，请重新输入。</li>"
end if
if FoundErr<>True then
	PassWord=md5(PassWord)
	set rs=server.createobject("adodb.recordset")
	sql="select * from Admin_lt_jt_wjk where admin_User_wjk='"&UserName&"' and admin_Pwd_wjk='"&PassWord&"'"
	rs.open sql,conn,1,3
	if rs.bof and rs.eof then
		FoundErr=True
		ErrMsg=ErrMsg & "<br><li>用户名或密码错误！！！</li>"
	else
		if PassWord<>rs("admin_Pwd_wjk") then
			FoundErr=True
			ErrMsg=ErrMsg & "<br><li>密码错误！！！</li>"
		else
			rs("admin_logins")=rs("admin_logins")+1
			rs("admin_last_login_time")=rs("admin_now_login_time")
			rs("admin_now_login_time")=now()
			rs("admin_last_login_ip")=rs("admin_now_login_ip")
			rs("admin_now_login_ip")=GetIP()
			rs.update
			session("SYSUserID")=rs("ID")
			session("SYSUser")=rs("admin_User_wjk")
			session("SYSPwd")=rs("admin_Pwd_wjk")
			session("SYSRight")=rs("admin_right")
			response.Redirect("index.asp")
		end if
	end if
	rs.close
	set rs=nothing
end if
if FoundErr=True then WriteErrMsg(ErrMsg)
call CloseConn()
%>
